SAS 70 audits review the not only the security of your networks but of the data that is transported across your networks and on the security of your data that remains on your servers and laptops. Before choosing an encryption vendor, there are factors you consider:

• What administrative actions are required? Can keys be changed and modified by the user or does your network administrator have to take action? What if the key is compromised, can it be changed at will? If the key is changed, how do you remember it?
• What steps are taken to manage keys? Are keys kept in a secure database or are they managed individually? Independent solutions allow you more flexibility, but independent users may not always follow the company standards which may give hackers an opportunity.
• Are multiple keys supported and can you create a master? The more critical and sensitive the data, the tougher the key should be crack. 
• Is there PKI in corporation? Does the encryption product integrate with an existing PKI production ro des it require software in order to function? Any vendor solution should be able too. SAS70ExPERT@gmail.com

Are you reviewing you firewall rules quarterly? Have you implemented an (IDS) intrusion detection system? Are your routers set up to prevent unauthorized intruders? Do you have the latest and greatest virus protection? Are you performing a SAS70 audit every six months? Database security breaches are increasing daily and costing tremendous amounts of dollars that should have been spent on IT projects. You should at least have an emergency plan in place when data loss occurs. Without an emergency plan in place, the breach could continue and the legal costs could continue to escalate.

Various transport methods, such as email, instant messaging, FTP, and encryption have been implemented to share files/data between Companies. But many methods, suffer from security, manageability, and the ability to track/log the transfer of information. Increasing regulations and SAS70 audit guidelines are requiring that privacy and security of data be maintained. What data transfer method are you using and is it secure,manageable and auditable?

The types of data transfer continue to evolve and a variety of people with whom companies exchange data is also changing. For example, many companies outsource processes that they used to perform in-house. Furthermore, some even are processed overseas, especially in India. How much control do you have on your outsourced vendor? How do you know that their process to transfer data is secure and managed appropriately? SAS70ExPERT@gmail.com

First, those wi-fi networks need monitoring and standards – a SAS70 audit to review network controls. Included in a SAS70 audit is a review of your router controls to make sure that you have some insurance in place to prevent network downtime.

 When the routers are taken out of the box and set on the shelf and plugged in, that is not the only installation required. Administrative passwords and SSID’s need to be strengthen and hardened so that Mr Hacker is not able to stop your credit card from being accepted. Use administrative passwords that are not common, require numbers and letters, and are not your mothers name. The same requirements should be used for SSID’s.In addition, turn on encryption, preferably WPA – which is considered almost impossible to crack. What controls/insurance do you have in place?

SAS70ExPERT@gmail.com